The aipost AI WP Writer WordPress plugin versions up to 3.8.4.4 contain a Cross-Site Request Forgery (CSRF) vulnerability. This flaw allows attackers to induce authenticated users to submit unwanted requests, potentially causing unauthorized changes to plugin data or settings. The vulnerability does not affect confidentiality or availability but impacts integrity. The CVSS 3.1 base score is 4.3, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, no confidentiality or availability impact, and low integrity impact. No patch or vendor advisory is currently available to confirm remediation status.

The vulnerability enables an attacker to perform unauthorized actions by exploiting the trust of an authenticated user through CSRF attacks. While it does not compromise data confidentiality or system availability, it can lead to unauthorized modifications within the AI WP Writer plugin. There are no reports of active exploitation in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider disabling or limiting use of the AI WP Writer plugin, and apply standard CSRF mitigations such as ensuring proper nonce implementation and user session validation if possible. Monitor vendor channels for updates.